Identify data on device which can be used as evidence to identify user activity

Instructions

1.

(Group / Individual activity)Now that you have acquired data many differentways, analyze thedata using one of the forensics tools (adb, adb shell, Device Seizure, QtADB, etc) to get a freshdata acquisition from your device

2.

Look at earlier exercises for commands, as a refresher

3.

Explore data in directories like /data/ and /cache/

4.

As a forensic analyst, document findings that would help you determine the users professionand hobbies

5.

Be prepared to share your findings with the class

Investigators Name(s):

Investigation Date:

Data Extraction File Size:

Recent Photos Detail / include geo-location if available:

Recent GPS details:

Recent SMS / email details:

NOTES:

7

Exercise 7-

Reverse engineer an app and locate critical data

Objectives



Explore reversing tools for Android



Reverse engineer an Android applicationusing available tools



Locate data within the application

Instructions

1.

Use APKInspector

a.

At command line, navigate to “/opt/apkinspector”, run command

“python startQT.py”

2.

Attempt to reverse engineerFacebook or F-Droid .apk, located in Documents directory of